• Work with the monitoring team and user support on information security matters; • Monitor security consoles; • Manage changes, risks and information security and privacy incidents; • Identify and address gaps; • Support and perform audits (internal and external); • Investigate alert events and implement security improvements in the IT environment; • Map, adapt and improve processes to drive continuous improvement; • Develop and review procedures, standards and policies; • Implement and promote industry best practices related to information security and cybersecurity; • Foster an information security culture through training, workshops and capacity building; • Support and assist company departments, promoting integration across teams and business units; • Coordinate the team's communications group; • Activate support teams when needed.

Role Description This is a remote position that can only be hired in VA and NC. This position supports Information Security and Cyber Threat management programs within the Bank at an advanced level of ability. Analyzes vulnerability and threat data to provide actionable intelligence for cyber defense efforts. Evaluates the Bank's networks and systems to identify technical security gaps or deficiencies. Recommends process improvements and technical solutions to address the identified gaps or deficiencies. Facilitates the defense of the organization's information security and technological architecture through ongoing reporting and escalation of emerging threats. May provide guidance for less experienced associates in the work group or assist special projects. Responsibilities - Security Review: Monitors and evaluates security incidents, system alerts, audit events, and other activity for potential threats against the Bank's networks and systems. Detects anomalies, malware infections, and intrusion attempts. Identifies, recommends, and executes appropriate mitigation tactics for identified threats. May perform system testing or provisioning. - Analysis: Analyzes data from various operating systems, databases, and applications within the Bank. Sources and interprets data to proactively search for threats. - Business Support: Supports the defense of the organization's information security and technological architecture through a number of operational and technical tasks. Ensures all cyber security monitoring systems are online and fully operational as well as ensuring compliance with all security policies and standards. Maintains current knowledge about threat indicators, attack trends, and cyber-intel as well as news and reports from industry sources. Participates in the creation and maintenance of playbooks and incident response procedures. May answer inquiries or facilitate training on security threats for other associates in the work group. - Reporting: Produces reports that document investigation and security incidents as well as the results of analysis. Provides analytics and reporting that facilitates actionable cyber-intelligence within daily operations. Conveys information to the appropriate parties, which includes both internal and external partners. Qualifications - Bachelor's Degree and 4 years of experience in Information security OR High School Diploma or GED and 8 years of experience in Information security - Preferred Qualifications: Current FCB contractor Benefits - Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits .

• Develop a complete understanding of Baringa’s technology and information systems. • Lead in the response to RFPs/audits, including supplier security due diligence and third-party audit and assurance activities. • Identify and communicate current and emerging security threats and cyber risks. • Support a program of awareness-raising and training to deliver compliance and to foster a cyber conscious culture across the company. • Assist with the definition, implementation and maintenance of corporate security policies, standards and procedures. • Provide ‘hands on’ assistance, particularly in technical control implementation and incident response. • Coordinating the needs of in-house IT experts and remote employees, vendors and contractors. • Work as part of a team to communicate ideas, suggestions and solutions that achieve the firm’s long-term objectives, especially the GRC Strategy. • Align organisational security strategy and infrastructure with overall business and information technology strategy. • Manage company compliance with information security, policies, standards, contractual obligations and guidance through business managers and champions providing advice, support and guidance on risk based good practice. • Lead on and produce technical security MI in support of governance and vulnerability management engagements. • Support client engagement leads on client queries and requests - during the business development process and during ongoing client engagement - regarding Baringa’s information technology security policies and processes.

• Analyze and remediate security alerts related to misconfigurations and vulnerabilities in cloud environments; • Support the implementation of security enhancements and best practices; • Monitor the evolution of cloud environments, ensuring compliance and risk reduction; • Collaborate with Information Security and DevOps teams; • Support the adoption of secure development practices and the proper use of Infrastructure as Code (IaC); • Participate in security incident handling when necessary; • Contribute suggestions and continuous improvements for cloud environments; • Assist in organizing, standardizing, and strengthening security in cloud environments.